The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill instructs the AI to pull information from potentially untrusted internal sources (Slack, Email, Drive) to generate high-visibility content like newsletters and FAQs. This creates an attack surface where an employee could inject instructions into a Slack message that the AI might treat as a directive. • Ingestion points: Slack messages, Emails, Google Drive documents, and Calendar events (as specified in 3p-updates.md and company-newsletter.md). • Boundary markers: Absent; there are no instructions to the AI on how to distinguish between content to be summarized and embedded instructions. • Capability inventory: High-visibility text generation for wide distribution (Slack/Email newsletters). • Sanitization: Absent; the skill does not include steps to validate or sanitize input from these sources.
Data Exposure (SAFE): The skill targets broad internal sources. While it focuses on 'large channels' and 'prominent' messages, there is a minor risk of inadvertently including sensitive information in a public summary if the AI context window includes non-public details.

internal-comms